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ABSTRACT 



[57] 



A method foi«wmifWigigj86sangMBfewan from disparate 
data sources through a n etworlw s provided. The method 
includes req^EBtiat^^tosa^ ES^ fro m a networl lESq^ 
using a client andKB^^BfeES ^^iigg n u . The metnSd 
further includes commimicating a logon input to the network 
server which then communica tes the logon input to a data- 
b ase server. N ext, the^ ^ 

t^fcras ^^^ and ge nerating^^^eS 
MHit ^se'^^is.DiidSn^^ fiif^^ 



method continu 



ftGe^iBgM'ig 5ttnumbjei^ na™j^^^ 
^putSt^He^hcnt^and 'S tomBg. and con agtUmcatin g^armcnu 
f&me client prompfiiig'Vh^iiser^Jo^ger^m at leasTa^first 

SQUigp . Next" the method includes requesting the first func- 
tion and communicating the session identification number, 
the portion of the logon input, and the first function request 
to the network server from the client. Next, the method 
includesjpgtS TOb^ngJJaj&^fgffiTO databascgs&fiycr 
adgf^ rify ing that~ther sc^ion jdenM c5tion.num^ 
s^&FtiSSro^^^^brifmpui-are^^^ method 
includes exchanging information between t^fc^^la^e 
E ^merga^ d the first type of disparate ^ysg jiu^ ^whiteS 
perfoimin g the first function, and then gene"rating"a ^staisf 
IgprJaserver^tMt is*pfd^^ 

response. 

20 Claims, 8 Drawing Sheets 
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SYSTEM AND METHOD FOR SECURELY As mentioned above, another significant problem encoun- 

ACCESSING INFORMATION FROM lered when developing on-hne commerce computer appli- 

DISPARATE DATA SOURCES THROUGH A cations and systems is that of overall system security. 

NETWORK ^ Systems must be secure enough to prevent unauthorized 

5 access to a user's account and unauthorized access to the 

TECHNICAL FIELD OF TOE INVENTION various disparate data sources. Unfortunately, security in 

The present invention relates generally to the field of "^'^^ ^^^^^^"^ ^ ^^^^7 ^^^^^^j*^^ ^^e unscrupulous 

computers and more particularly to a system.and.method for f'^^l'^' ^^^^^^ »f ^'^^ cumbersome that users 

ia^Etttftfai^ag^ssiB^aD^li^M^ ^."^ ^y^*^"' cumbersome to use. Security is espe- 

^JgygjjMllljg}"^^ cially a problem in systems unplemented using the Internet 

or corporate intranets where clients are not continuously in 

BACKGROUND OF TOE INVENTION direct communication with the on-line commerce system. In 

such arrangements, the client communicates with the on-line 

The mcreased popularity of the Internet and the develop- commerce system through a network of servers opening up 

mem of the World Wide Web (WWW) has resulted in the ^^e possibility to unauthorized access of sensitive informa- 

creation of new business opportunities. One such business tj^n while in transit. This arrangement also presents the 

opportunity is that of Internet commerce or on-line com- disadvantage of preventing the on-line system from deter- 

merce. On-line commerce involves the exchange of goods, ^^^^^ ^^en a session has started and when a session has 

services, and information as a result of transactions executed ^nded because of the absence of the continuous communi- 

using an on-lme computer system. On-line commerce is cations path by which the system can easily determine when 

often achieved using a computer application and system that ^ user has logged on or out. This presents the opportunity for 

allows access to information from disparate data sources two users, the second of which may be an unauthorized user, 

through a computer network, such as the Internet. To support ^^^^^ ^t the same time under the same account number or 

on-Une commerce, it is of paramount importance that the ^^j. identification number, 

underlying computer application and system provide: (1) o .... -i- r 

1 \ ' c I J- . J * ^ 25 Some prior attempts at providing a system for securely 

relevant information, often from disparate data sources, in a • c . r j- j i 

, , ' J /o\ r accessmg iniormation from disparate data sources have 

timely and accurate manner; and (2) a secure means for , , 5*, •. i t • j 

„ . , , * J 4U J- * J* provided too httle secunty. For example, an un authenticated 

allowing access to a user s account and the disparate data ^ . , „ V , i- 

. . ,u * n • 1 J . » security system allows access to one of the disparate data 

sources used by the system. Primarily, users do not want ^ ,^ . . • . ^ , 

. , * *u • * • f J • f sources by anyone having access to a web server and may 

unauthonzed access to their account information and mfor- m ^^ . u i - . .t. , • • 

. , . , , ,u • J * »u • allow one user to break mto another s session. This is 

mation providers do not want unauthorized access to their * ui * . j • c j 

, , ^ J * unacceptable to most users and information providers, 

data sources and systems. *^ *^ 

On-line commerce computer applications and systems are P"°'. f^'^^^ P^^rj^'^S "/y^"^-" 

difficult to design and implement, frequently taking years to f^^'^'y "ifonnation from disparate tiata sources 

develop, and provide either too little security or a level of 35 ^k?" c ' / u ''"^''""^"'^ ""'^ 

security that is too cumbersome in actual operation and '"A"''"^- P°[ ^^f^Pf^' ^""l °^ '''^^ ^J^^^V ^y^'*"** 

hence unacceptable. In particular, the development of com- ^^l";'^ identification numbers that are different from a 

puter applications and systems requiring interprocess com- ^ T ' ."f- '^'''"""^ "^^ '° remember 

munication for access to disparate data sources is complex y^' another number, in addition to an account number and 

and time consuming. Disparate data sources include infor- 40 P^^sword. Also some secunty systems require passwords 

, ^ J . J * L r and logon identincations for each disparate data source. This 

mation or data from such sources as databases, appucation . . ■ ■ 

^ .J n- 1 t A- , greatly increases the overall system administrative burden 

programs, or systems that reside on multiple and disparate P 

platforms, database management systems, and environments ^^"^f '^."'"''T' valid passwords and logon 
that may be physically separated from one another. The identifications (or user account numl^rs) must be mam- 
design difficulties and complexities arise from the interface 45 'T T^"^'?^. "'ff^'^"' •'^^bnologies. 
software that must be developed for each disparate data Whenever a new user is added or deleted or when an exisUng 

, „,„ „, -f „,;„„ „.„ . ^ f,^ „„u user changes a password, this information must be changed 

source to ensure that mtormation can be accessed from each ... *. _ ., .... , . . , ? 

disparate data source in a timely and accurate manner. Hie ^ '.P^,* l"""""^- availability of the user mformauon 

interface software is difficult and complex to develop ■="'«'Pl« also mcreases the risk of unauthoraed 

because each disparate data source may have a different or 50 T '^"^ by personnel having access at the various 

proprietary method and format or protocol for exchanging other secunty systems require an Internet or 

data. TTie format or protocol peculiarities of each disparate '° "'f.'^ ^^"^ browser before starting a new 

data source must be taken into account and coded into the session with their on-line system or after changing a pass- 

• , c f. r\c* .u j a= w -1 J 1 • word. Iiiis IS unacceptable to many users, 

interface software. Often, the difficulties and delays in ^ / 

designing the interface software adversely affect the dcvel- 55 ^^^er attempts at system security have focused on main- 

opment and implementation of other portions of the on-line taining a user database of valid passwords and logon iden- 

commerce application and system, which further increases tifications at a database on a web server. These types of 

overall system development time and costs. security systems do not provide the added security of 

The proper exchange of information between disparate j^^sulating the user database from web server personnel, 

data sources is especiaUy critical when the information is 60 ^^^^ secunty systems also frequently faU to provide the 

time sensitive. Time sensitive data is any data that frequently f^^^^ feature of aUo wing permissions and rights to 

changes. For example, on-hne commerce computer appU- ^^8°^^ to mdividual users or groups of users to Imiit 

cations and systems involving the trading of securities, such ^^^^^ ^^^^^ sources, 

as stocks, bonds, notes, options, futures, mutual funds, and SUMMARY OF TOE INVENTION 
the like, rely heavily on time sensitive data to ensure that 65 

trades are timely placed and that decisions are based on From the foregoing it may be appreciated that a need has 

accurate and up-to-date information. arisen for a system and method forC 



11/25/2003, EAST version: 1.4.1 



5,884,312 



b jiaBgmg ggFa^gyrp^through a network 
" eme^prob lems o f prior techniques. In 



tBaTSiffinSWP^ 

accordance with the present invention, a system and method 
for securely accessing information from disparate data 
sources through a network are provided which substantially 
eliminate the disadvantages and problems outlined above. 
The present invention provides session management even 
when implemented using the Internet or using a corporate 
intranet when direct communication is not continuously 
provided. 

According to an embodiment of the present invention,^ 
^)^^gggg^ing,,,mfo£p^i&p' disparate 
througlf a^network is~pr6vided. The method 
■imfnii from a network server 



iiSi;^fa»eliCTtfaml:rceem^&^tog^g^^ at the client. Next, 
the method includes*ceiwfmft«=»t (inggaa^!'Eg^ to the 
network sn^ii^d commuS ^teaaaSMB SSSpwrn the 
n etwork^5KneM|^|^a|^^^^^^ The method then 
iiflS i^^feifj jj^ ^featlfe hrlfB^^ 

^e»sei^er, and g^ g gg a ting^aSi 
^^ion! gdent!i | ficari^^ — . 

resiMHgjr.tQgSuccessftiUv;^ven^^^ 



The session management is preferably transparent to the 
user and is performed using an encrypted session identifi- 
cation number. Another technical advantage of the present 
invention, in one embodiment, includes a system architec- 
ture in which a database server is provided separately from 
a web server and a network to further secure access to the 
disparate data sources and to further secure the user data 
such as account numbers and passwords. A further technical 
advantage of the present invention includes the presence of 
one user database or system that is used to store all pass- 
words and account numbers to minimize access and . to 
perform all security system verifications, authorizations, and 
encryptions at one location. 

Additional technical advantages of the present invention 
include the capability to prevent more than one user from 
accessing the system using the same account number at the 
same time. Yet another technical advantage of the present 
invention includes the capability to access the present inven- 
tion using any of a variety of clients such as an interactive 
?^uniq^J^20 ^^^'^ response system or a web browser-enabled computer. 

Another technical advantage of the present i nvention 

inchli j^^^ ^ a ^^iuit ^j ^ a nfLmfltitf^TKa^pmvi'l^pV both 

a^j^S^^iQDiiaDg^^^ 
j^ibges/rightstbefoij^'lfo^ 



10 



IS 



v^lid'iog^in^t^t^extnHc mcffeo^i ntlStl^^ mmumcatlSg 

jiikt^hc^g^jSitormg»this*m^ ^s^^j^^S^^SSt®^. Further teclmical''acivantages-ihcluae 



llie method then includes communicating a menu to the 
client prom@ig5|ggt^a^^^ q;^il^i^ t^^ 
^^iring%acx:j&^tSa^^^ ^eiQ&eBsp 
^Sg ^nd^^^tion^^ Qguifing^ accessJo a. seTO nd^ type^of^data 
sjm^^ user may then request the first functioiTwhere-th^ 30 
memS^esponds by communicating the session identifica- 
tion number, the portion of the logon input, and the first 
function request to the network server, where the network 
server communicates this information to the database server. 
At this point the meth(^^lud|esifc\^eri^iingcat*ttodat^^ 
s ei^igtra tsthc^ scssienddeS iScati 

(Afeeil o i ^^ infjarmationr^ 
WlMfeenatnScSSS?^^ di^paFate • 

j^Uatsaucce^while performmgrthe fi'rst.fimctionTFinallyrthe 
^^Scl**incl^^^^g^®^^a 'first"^output~in--Fes^onseE^to 40 
performing the first function and communicating the first 
output to the client. 

According to another embodiment of the present 
invention, a system for securely accessing information from 



activity logging and audit logging of all transactions or 
functions performed by a user, and the capabihty to end a 
session if no activity is received within a predefined time 
period. Yet another technical advantage is a common 

the disparate da^^^^^^^^^^^^^^*pr^^^^^ 

layer, such as a client interface, to be developed indepen- 
dently from and in parallel with the application and data 
layers of the system, resulting in faster overall system 
development. Other technical advantages are readily appar- 
ent to one skilled in the art from the following figures, 
description, and claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

For a more complete understanding of the present inven- 
tion and the advantages thereof, reference is now made to 
the following brief description, taken in connection with the 
accompanying drawings and detailed description, wherein 
like reference numerals represent like parts, in which: 



J- *j4 u . 1- ,1-1*1-* FIG. 1 is an overview diagram illustrating a network 

disparate data sources through a network is provided that 45 cj . c 1 • - c 

inHnH.. . rM.ni u n..wnri. tr^.r . H,t.h../..™r .nH . configurcd as a system for securely accessmg mformation 



includes a client, a network server, a database server, and a 
disparate data source. The client includes volatile memory 
and is enabled with a web browser to provide a request to the 
network server and to store and exchange a session identi- 
fication number and an account number with the network 50 
server. The network server provides the session and account 
information to the database server and executes a script in 
response to receiving the request. The database server 
receives the session identification number and account infor- 
mation and includes a database management system that ss 
executes a first function stored procedure in response to the 
script of the network server. The first function stored pro- 
cedure executes another stored procedure to verify the 
session and account information with a user table and then 



from disparate data sources; 

FIG. 2 is a block diagram illustrating an exemplary 
connection between a cfient, a web server, a database server, 
and a plurahty of disparate data sources according to the 
teachings of the present invention; 

FIG. 3 is a block diagram illustrating an exemplary 
implementation of the present invention showing a set of 
routines used to access the plurality of disparate data sources 
and to function as a brokerage application that allows users 
to access portfolio information, to retrieve stock quotes, and 
to execute stock transactions; 

FIG. 4 is an overview flowchart illustrating an exemplary 
method for securely accessing information from disparate 



executes a corresponding first function registered procedure 60 ^^^^ sources through a network according to the teachings of 



to request information from the first disparate data source. 

The present invention provides a myriad of technical 
advantages including the capability to securely access infor- 
mation from disparate data sources while performing session 
nianagement. f^^^^ ^^BrfaaDaaemc nt g i n^jes^g tomj^ 
g,ing^rcquSBjS55m 
intincation number each time a user makes a request. 



the present invention; 

FIG. 5 is a flowchart illustrating an exemplary method for 
performing a logon process; 

FIG. 6 is a flowchart illustrating an exemplary method for 
a 65 performing a check access process; 

FIG. 7 is a flowchart illustrating an exemplary method for 
performing a log out process; and 
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FIG. 8 is an overview exemplary map of various input/ 
informalioDal displays and output displays that may be used 
in the brokerage application of FIG. 3. 

DETAILED DESCRIPTION OF THE 
INVENTION 

Turning first to the nomenclature of the specification, the 
detailed description which follows is represented largely in 
terms of processes and symbolic representations of opera- 
tions by conventional computer components, including a 
central processing unit (CPU) or processor associated with 
a general purpose computer system, memory storage devices 
for the CPU, and connected pixel-oriented display devices. 
These operations include the manipulation of data bits by the 
CPU and the maintenance of these bits within data structures 
resident in one or more of the memory storage devices. Such 
data structures impose a physical organization upon the 
collection of data bits stored within computer memory and 
represent specific electrical or magnetic elements. These 



I, such as an on-line brokerage application that 

allows users to receive portfolio information, check stock 
prices, and to execute stock transactions. While an on-line 
brokerage application will be used throughout this descrip- 
5 tion of the invention, it is used only as an example of the 
types of apphcations to which the present invention may be 
used, and should in no way be construed to limit the present 
invention. ^^^mmi^m* 

System 10 S^^^^lffira^ using the Internet or 
using a corporate intranet and allows multiple clients to 
access information from virtually any data sourc e^ncluding 
various disparate data sources, wamew^lS^Smg^^ffrr^ 
^l^a^^^^ga^^^^gFt. Generall y, the sec urity 
funcUonffiSyslSiriVi may divided ^BiatiE )fiL^DrGces!y 
j5 a^^ ^gggasstDi«a^saBai(| ga! |^^ ^ The security 

functions are described m more detail below and are illus- 
trated in FIGS. 5-7. 

A telephone 12 is provided as a client to system 10 and 
couples to a telecommunications network 14. Telecommu- 



• - ^ . . - J. u 1 11 J 20 nications network 14 may be a voice or public telephone 

symbolic representations are the means used by those skilled ^o^^^^ications network that provides voice communica- 



in the art of computer programming and computer construc- 
tion to most effectively convey teachings and discoveries to 
others skilled in the art. 

For the purposes of this discussion, a process or method 
is generally considered to be a sequence of computer- 
executed steps or instructions leading to a desired result. 
These steps generally require manipulations of physical 
quantities. Usually, although not necessarily, these quantities 
take the form of electrical, magnetic, or optical signals 
capable of being stored, transferred, combined, compared or 
otherwise manipulated. It is conventional for those skilled in 
the art to refer to these signals as bits, values, elements, 
symbols, characters, text, terms, numbers, records, files, or 



tion. Telecommunications network 14 couples to an inter- 
active voice response (IVR) system 16 so that information 
may be exchanged between telephone 12 and IVR system 
25 16. IVR system 16 may be any termination device that 
allows a user of telephone 12 to initiate certain actions in 
response to prompts by IVR system 16. For example, IVR 
system 16 may present a voice menu to the user of telephone 
12 to which the user may respond by pressing appropriate 
30 buttons generating dual-tone, multi-frequency (DTMF) 
tones generated by telephone 12, In an alternative 
embodiment, IVR system 16 may recognize voice com- 
mands from the user of telephone 12. 

IVR system 16 couples to a database server 22 through a 



the like. It should be kept in mind, however, that these and 3^ network 18 and a firewall 20. Network 18 may be any 



some other terms should be associated with appropriate 
physical quantities for computer operations, and that these 
terms are merely conventional labels applied to physical 
quantities that exist within and during operation of the 
computer. 

It should also be understood that manipulations within the 
computer are often referred to in terms such as adding, 
comparing, moving, etc., which are often associated with 
manual operations performed by a human operator. It must 



network such as a data or voice network that allows data to 
be exchanged between IVR system 16 and database server 
22. Firewall 20 provides added security to system 10 by 
preventing unauthorized user access to both database server 
40 22 and a web server 28. In one embodiment, firewall 20 may 
be implemented using software on a personal computer as 
shown in FIG. 1. Firewall 20 will preferably include dedi- 
cated hardware and software systems that screen network 
trafSc and validate the flow of information between both 



be understood that no involvement of a human operator is 45 database server 22 and IVR system 16 and between database 



necessary or even desirable in the present invention. The 
operations described herein are machine operations per- 
formed in conjunction with a human operator or user that 
interacts with the computer or computers. 



server 22 and a web server 28 and the various clients of 
system 10. The present invention may employ any known or 
available physical configurations or software implementa- 
tions of a firewall. When access is allowed, firewall 20 
In addition, it should be understood that the programs, 50 provides the information from network 18 directly to data- 
processes, methods, etc. described herein are but an example base server 22. Thus, telephone 12 accesses database server 
of one implementation of the present invention. The present 22 through the path just described, 
invention is not limited to any one particular computer, OMftegg^^gg^^^j^^aj^^ ^^ y^rinus stored^pjoced ures 
apparatus or computer language. Rather, the present inven- t hatjna y bejexecuted i n respons e^tol-equests and' informal 
tion may be practiced using various types of general purpose 55 tion recei\^ed''^E^r/R"system TeTasdifgEte^^'^y'rusiF^ 
computing machines or devices executing programs con- telephone 12. Database server 22, in a preferred 



structed in accordance with the teachings described herein. 
Similarly, it may prove advantageous to construct a special- 
ized apparatus to perform the method steps described herein 
by way of dedicated computer systems with hardwired logic 
or programs stored in non-volatile memory, such as read 
only memor 

Referring now in more detail to the drawings, FIG. 1 is an 
overview diagram illustrating a network configmed as a 

data sources. System 10, in one embodiment, may be 
implemented as g n mp.r 



embodiment, will f^ meacrajiwg ^ ^mjgafl ^ Mr trta iy Mslc m 

software, such as a relational database management system, 
that allows (^Mggm^^^E^^|g^£Si8res and registered 
60 proccdurcsjtoJhS^SS^rjta^ server 22 i^fes^ggje 
to^^«piffiSR^Sjffimahds"feceivey^fif5S^n^ system 16, The 
stored procedures may be thought of as computer programs 
or application program interfaces that may be directly called 
by the database management s ystem softw are to access 
i various disp^atejJata sources. ^ITilBbQEcaipmi^ggnsg^igT;?' 

^Ipp'icSib^program mierfa^^ 
^gysleni 10. The presentation layer serves as the user interface 
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or presentation interface that is provided to the user. When nicates through its Internet Service Provider using network 

a user requests a particular function of system 10 that 26 to access web server 28, after going through firewall 20 

requires access to a disparate data source, a stored procedure for added security. 

is called by the database management system software. In Web server 28 may be implemented using any computer, 
turn, the stored procedure calls a registered procedure that 5 such as, for example, a SUN work station using the UNIX 
serves as a direct interface to the desired disparate data operating system and running a web server program that 
source and allows access to the disparate data source. accepts requests for information fram ed according to the 
Tlie various data sources of system 10 are also shown in HypefText Transport Protocol (HTTP). Web server 28 pro- 
FIG. 1 as a data source 32, a data source 34, a data source '"^f. f '^f'^'^. "7°'^ •« 
36, and a data source 38. Database server 22 may commu- 10 «he requesting client according to the client s Internet 
nicate with the various data sources through any network, address which, in one embodiment, may be provided accord- 
such as network 30, or using multiple networks. Network 30 Transmission Control Protocol, Internet Protocol 

allows data or information to be exchanged between data- ^^^/^^^ ccm^J^" 

h,.c» T> . H... program such as NETSCAPE COMMERCE SERVER or 

base server 22 and a chosen data source. NETSCAPE ENTERPRISE SERVER. 

Tlie data sources that are directly compatible with the ^^j, ^^^^ ^ ^ji^^ ^^j, browser-enabled 

database management system of database server 22 are not ^^-^^^ browser-enabled clients of a 

considered to be disparate data sources and can be accessed coiporate intranet to receive graphical documents that are 

by the database management software using only a stored ^j^f,^^ ^^^^^ ^^ ^^^^^^ and identified by a specific 

procedure. Normally, such daU sources were ongmaUy URL or generated using a particular script at web browser 28 

created usmg the same database management system that i j. „ imr to. • . * 

,^ , . 5 . also identified by a speanc URL. The scnpts are computer 

resides on database server 22. An other data sources that are ^.^^^ ^ ^ ■ ^ programming 

not considered to be directly compatible with the database i ^e implemented according to the Com 

management system of database server 22 may be referred j^^^^^^^ (^Gl) standard or the NETSCAPE 

to as disparate data sources Disparate data sources must use SERVER APPLICATION PROGRAM INTERFACE 

a stored procedure to call a umque or specially written ^f^g^,) „^ ^^^^^ ^^^^ ^, j^^, ^^^.^^ 

interface, such as a registered procedure to access the ^^^^ ^^^^ ^^^^ ^ 

disparate data source. The advantage of being directly j^,^ ^^^^^ ^^^^ j.^^ ^„ 

compatible with the database management system is that the page. Scripts are normally needed 

interface or application program interface is easily devel- ^^^^ ^„ ^,1^ ^^^^^ j^^^^ ^^i^^ 

oped and generally does not require the development of a ^„ ^ ^ring about the execution of other programs 

unique separate routme, such as a registered procedure, to ^^^^^ Ultimately, the scripts generate a web page to 

properly mterface with the disparate data source and the ^ ^„ browser-enabled client The 

dataljase management system. However, it should be under- ^^f, ^^ generally be provided as a text file encoded 

stood that according to the present invention, even a dispar- ^-^^ ^ declarative markup language (DML) such as the 
ate data source, whether a database, an apphcation program^ S^^^^^^^ Generalized Markup Unguage (SGML) or, 

or any other sj^tem^bk^ql^r^^^^ preferably, with HyperText Martoip Language (HTML). 

&d5BaBai!ag»afl,^t Mtrwmzuit& £^ directly with the ore- ^ ™ ' . i ^ u 

o ^^!f^^3S^!PfSS■l&fe^ ->« or,^ i\/D c.„..»™ 1 < client 24 may request a particular function that 

sentation layer, s»Hras weo sef^iB^28 and IVR system 16, , , • . * j * t_ i_ -^o i_- i_ 

. .u * • . corresponds to a script stored at web browser 28 which 

in the same or similar manner as a data source that is not a . ^. . ^ . . , , 

* J * Tn.' n • '.u * J 40 results in a communication to database server 22 through a 

disparate data source. This will occur using the stored ■ . t- i • . r 

J • * r * 11 J 1 * r communications Imk. When requesting access to iniorma- 

procedu re or common interface that allows development of . ^- , i- , ^ , . '^^^^"^ 

r. * *• I * J ■ J J .1 f *u tion at any of the disparate data sources, the script of web 

the presentation layer to proceed independently from the . -Co n i, . , . 

,1 , c J browser 28 will generally request that database server 22 

development of any registered procedure or other interface , j, n „ . j, 

. J 7 u J 1 J execute a predefined stored procedure, which then calls a 

routine that may need to be developed. j .. . . . 

-Bw.'j'g "j^'* i^'imm 45 registered procedure, to allow the database management 

Afte^S^stafeaseHSCSSSfe,^?^ desired^^s^Ped ^y^^^^ database server 22 to access a particular disparate 

procedureor registered procedure as desired by the user of ^^^^ ^^^ce such as data source 32. As a result, data source 

telephon?9®?nbc»ae66ss^irf€M™ ^TW^ 32 p^vide information or data back to the stored 

IVR system 16. IVR system 16, in response, generates a procedure at database server 22 which then provides the 

corresponding output and provides the requested informa- information or data back to the script at web browser 28. 

tion to telephone L2. The user of telephone 12 may then -j^en, the receiving script, using the web server program, 

perform additional functions or may log out of system 10. generates a corresponding web page illustrating the desired 

A separate path from a client to the various dispa rate data information or data and provides the web page to the user of 
sources is provided using ^Sg5iM ^^^y€iatr2 ?ftffiayMBe»a^ client 24. 

p^SSlB^impateEfenablea^wifPa web browser and con- 55 As an example of the operation of system 10, assume that 

nected to the Internet. For example, client 24 may be running system 10 is implemented as an on-line commerce applica- 

thc NETSCAPE NAVIGATOR web browser and using a tion and system, such as a brokerage application, that allows 

modem to couple to the server of an Internet Service users to access portfolio information, stock quotes, and to 

Provider. The Internet Service Provider, not shown in FIG. execute stock transactions. First, a user of either telephone 

1, may be any node or server on the Internet and may be in 12 or client 24 will access system 10 by logging on. System 

communication with client 24 using a dedicated communi- 10, as part of its security functions will perform a logon 

cations path or a public telecommunications network such as process. The logon process is described in more detail below 

a network 26 as shown in FIG. 1. and is illustrated more fully in FIG. 5. Generally though, a 

Qient 24 may access web server 28 by entering an user of a client of system 10 will receive a logon menu and 
appropriate address or uniform resource locator (URL) that 65 will provide an account number and password and will 

identifies a particular document or web page stored on web select a logon button. The account number may be a user id 

server 28, As such, in one embodiment, client 24 commu- or a logon id. In response, the password and account number 
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will be provided to database server 22. Database server 22 unique session id and account number previously stored at 

will, in response, execute a logon stored procedure that the client. The session id and account nunaber were stored in 

verifies the user's account number and password. The IVR system 16 when client access is provided through a 

account number and password are encrypted before being telephone coupled to IVR system 16. Hence, the command 

transmitted through a network, such as the Internet, employ- 5 to delete the unique session id and account number is sent to 

ing any available encryption technique such as the Secure IVR system 16 in such a case. Finally, database server 22 

Socket Layer (SSL) specification that is used between web presents a home page menu or voice command to the user at 

browsers and web servers. If the verification is successful, the client so that the user may either exit system 10 entirely 

database server 22 generates a unique session identification or attempt to logon again. 

number (session id) and stores it locally in a user table such jq Thus, system 10 provides a unique system architectiue for 

that it is associated with the user's account number. The easily developing and implementing on-line computer appli- 

session id is encrypted before being stored to further secure cations and systems, such as on-line commerce type 

the session. Database server 22 then provides the session id applications, that access disparate data sources. The stored 

and account number back to the client where it is stored. In procedures or APIs of database server 22 allow for system 

the case of telephone 12, the session id and account number development of the presentation layer to proceed indepen- 

may be stored at IVR system 16 where storage capability is dently from the development of the application layer and the 

available. A main menu is then provided to the client. data layer thus reducing overall system development time 

The user of system 10 may then desire to check, for and costs. System 10 also provides session nianagement and 

example, portfolio information that is stored on some dis- security features allowing users to feel confident ttjat their 

parate data source. The portfolio information may be pro- 20 at^oi^Dt information is secure and allowing information 

vided on a remote data source such as data source 36 of FIG. providers to feel confident that their data sources are secure. 

1. In response to requesting access to portfolio information. The fact that database server 22 is provided separately 

the client also provides the session id and account number increases overall system security and ensures that a user 

back to database server 22 where it is once again verified. table of all account information is provided in only one 

This process is referred to as the check access process and 25 location. As mentioned above, the security functions of 

is described more fully below and is illustrated in FIG. 6. system 10 may be generally divided into a logon process; a 

Generally though, database server 22 will verify the session check access process; and a log off process. Each of these 

id, check to ensure that the client has not waited too long security functions are described in more detail below and in 

between requests, and will log all requests made by the user the various FIGURES. 

in an activity log table. The check access process will also 30 FIG. 2 is a block diagram illustrating an exemplary 

check to ensure that the user has privileges or rights to connection 40 between client 24, web server 28, database 

perform the requested function. If so, the portfolio data is server 22, and a plurality of disparate data sources according 

retrieved from the disparate data source 36 using a stored to the teachings of the present invention. The disparate data 

procedure and a registered procedure of database server 22 sources may be provided as data source 32, data source 34, 

and the information is provided back to the user in any of a 35 data source 36, and data source 38 as discussed previously 

variety of formats, such as web page, an e-mail, or as a voice in relation to FIG. 1. 

message. The stored procedure or computer program of Client 24 includes a processor 44, I/O devices 46, 

database server 22 serves as an application program inter- memory 48, and local storage 50. Memory 48 is shown 

face to exchange information with either IVR system 16 or enabled or loaded with an operating system 52 and a web 

web server 28. Web server 28 may also be referred to as a 40 browser 54. Web browser 54 also includes memory storage 

network server. It should be noted that the application locations, such as Cookies, that are used in the present 

program interface or stored procedure is the same regardless invention to store the account number and session id in 

of whether the request was made from IVR system 16 or volatile memory such as memory 48. Memory 48 may be 

from web server 28. implemented as any type of memory but will preferably be 

In one embodiment, data source 36 is provided on a 45 implemented as RAM. Client 24 may be implemented on 

platform that is completely different from that of database virtually any computer such as a personal computer, a 

server 22 and hence includes an interface program that minicomputer, a work station, using a local area network 

allows data source 36 to retrieve the request from database (LAN), or any other computer capable of executing web 

server 22, to process the request, and to provide the appro- browser 54. 

priate data back to database server 22. In such a case, 50 Processor 44, under the control of operating system 52, is 

database server 22 will generally also execute a registered used to retrieve, process, store, and display data. Processor 

procedure which is called by the stored procedure and 44 communicates control, address, and data signals with 

includes interfacing instructions or code compatible with operating system 52 and with the remaining components of 

data source 36. ^ client 24 through a system bus. Processor 44 may include an 

Finally, a user of telephone 12 or client 24 may end a 55 arithmetic logic unit used to assist processor 44 in perform- 

session by initiating a log out process. The log out process ing mathematical operations. Processor 44 interprets and 

is described in more detail below and is illustrated more executes instructions that have been fetched or retrieved 

fully in FIG. 7. Generally though, a user of a client may from memory 48, such as from web browser 54, and may be 

initiate the log out process by selecting a log out button. This implemented as a single integrated circuit or as a combina- 

resulls in the session id, account number, and log out request 60 tion of integrated circuits. Processor 44 may be implemented 

being provided from the client to database server 22. Data- using virtually any available processor such as an INTEL or 

base server 22 responds by executing a log out stored MOTOROLA microprocessor. Similarly, I/O devices 46 

procedure using the database management system. Once may be any peripheral that allows data to be exchanged or 

again, the session id is verified and if found to be valid, the accessed with client 24 and may include such devices as a 

session id is erased from the user table of database server 22. 65 keyboard, pointing device, a monitor, a graphics tablet, a 

An activity log is updated reflecting the time that the user modem, and the like. Local storage 50 may be any device 

logged out and a command is sent to the client to delete the capable of storing computer files such as a hard disk drive, 
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a read/write compact disk, and the like. Operating system 52 
may be provided as any available operating system such as 
WINDOWS, WINDOWS 95. WINDOWS NT. OS/2. 
MS-DOS, and UNIX- 
Web browser 54, along with operating system 52 may be 5 
provided to memory 48 from local storage 50 either when 
selected by a user or automatically during initialization of 
client 24. Web browser 54 allows information to be 
exchanged with servers of the Internet or servers of a 
corporate intranet. Web browser 54 will preferably be pro- 
vided as a graphical web browser that may be classified as 
a parser program that allows the user to view images, fonts, 
and document layouts provided in a web page by converting 
large units of data into smaller, more easily interpreted, units 
of data. Preferably, web browser 54 reads the tagged text of 
a web page provided in HTML format. HTML uses tags to 
identify the parts of a web page, such as headings, bulleted 
lists, body text, onscreen forms, including fill-in text boxes, 
option buttons, radio buttons, and drop-down list boxes, 
images to be displayed, hypertext links, colors, fonts, and 
various other formatting tags. Web browser 54 formats the 20 
various parts of the document for on-screen display as 
directed by the HTML tags. 

Web browser 54 will also be provided as a forms-capable 
browser and a script-enabled browser which allows it to 
interpret HTML formatted web pages that include embedded 25 
script, such as JAVASCRIPT, within the HTML code. The 
embedded script is provided to web browser 54 for enhanced 
processing to ensure that only valid entries are provided 
within select forms and that all appropriate forms are entered 
in certain input web pages. Web browser 54 preferably will 33 
be implemented using NETSCAPE NAVIGATOR or 
MICROSOFT EXPLORER. 

As previously discussed, web server 28 couples to client 
24 through any available communications link. Also, fire- 
wall 20 of FIG. 1 may be provided but is not illustrated in 35 
FIG. 2. Web server 28 includes a processor 58, I/O devices 
60. memory 62. and mass storage device 64. Memory 62 is 
shown enabled or configured with an operating system 66 
which will preferably be provided as the UNIX operating 
system, a web server program 68 which will preferably be 49 
provided as the NETSCAPE ENTERPRISE SERVER, and 
a logon script 70 that may be written using Practical Extrac- 
tion and Report Language (PERL) which is widely used to 
write CGI scripts for WWW forms processing. Once again, 
the CGI is a standard that describes how HTTPD compatible 45 
WWW servers should access external programs so that data 
is returned to the user in the form of an automatically 
generated web page. 

It should also be noted that additional Internet servers or 
corporate intranet servers will likely be positioned between 50 
client 24 and web server 28. As such data security is of 
paramount importance. One method of ensuring that data is 
not improperly intercepted through this path is to provide 
encryption between client 24 and web server 28. This may 
be accomplished using secure HTTP or Secure Sockets 55 
Layer (SSL) protocol when exchanging data. SSL is appli- 
cation independent and works with all Internet tools, not just 
the WWW. Applications that use SSL use public key encryp- 
tion to ensure that while information is being conveyed 
through the Internet, no one can intercept that information, eo 

Web server 28 may be implemented on virtually any 
computer such as a personal computer, a minicomputer, a 
work station, a LAN, a mainframe computer, or any other 
computer capable of executing a web server program and 
interfacing with other servers. Preferably, web server 28 is 65 
implemented as a SUN workstation using the UNIX oper- 
ating system. 
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Processor 58, just like processor 44 of client 24, is under 
the control of the local operating system, which in this case 
is operating system 66. Processor 58 is used to retrieve, 
process, store, and display data. Processor 58 commimicates 
control, address, and data signals with operating system 66 
and with the remaining components of web server 28 
through a system bus. Processor 58 may include an arith- 
metic logic unit used to assist in performing mathematical 
operations. Processor 58 interprets and executes instructions 
that have been fetched or retrieved from memory 62, such as 
from web server program 68 and logon script 70, and may 
be implemented as a single integrated circuity or as a 
combination of integrated circuits. Similarly, I/O devices 60 
may be provided as any I/O device such as those listed 
previously with respect to I/O devices 46. Mass storage 
device 64 may be any device capable of storing computer 
files and is shown with various computer files stored within. 
For example, static HTML pages are shown that represent 
web pages having individual URL addresses. Also, various 
other scripts are shown within mass storage device 64. For 
example, a log out script is shown and will be used in web 
server 28 when a user request to log out of system 10. 

Web server 28 may provide information to any number of 
clients desiring such information. Normally, clients submit a 
URL corresponding to a static HTML page or a URL 
corresponding to a particular script that is to be executed. 
Web server 28 also interfaces with data server 22 through 
any available communications link. This communications 
link may be a secure link to further increase over all system 
security. The various scripts of web server 28 may call 
various stored procedures provided within database server 
22. For example, the scripts provided at web server 28 may 
include web extension commands or statements that allow a 
script to directly call various stored procedures of database 
server 22. 

The stored procedures may be thought of as application 
program interfaces that perform various functions. It should 
also be noted that web server 28 and database server 22, due 
to their critical importance to system 10, may be provided as 
redundant systems, 'l^us, a primary web browser 28 may be 
provided along with a back-up web browser 28, Similarly, a 
primary database server 22 may be provided along with a 
back-up database server 22. This provides several 
advantages, one of which is to minimize overall system 
outages created by system failures. Also, the back-up sys- 
tems may be used to serve as a development system for 
upgrading and maintaining the various software routines of 
system 10. 

Database server 22 includes a processor 74, I/O devices 
76, memory 78, and various mass storage devices or tables 
such as mass storage device 80, activity log table 82, and 
user table 84. Memory 78 will generally be provided as 
RAM and will be enabled with operating system 86, which 
will preferably be provided as the UNIX operating system, 
and a database management system 88, which will prefer- 
ably be provided as SYBASE relational database manage- 
ment system. In such a system, database management sys- 
tem 88 may receive instructions or commands from scripts 
located at web server 28 to initiate various stored procedures 
or computer programs located within database server 22. For 
example, a logon stored procedure 90 is shown being 
executed by database management system 88, Logon script 
70 of web server 28 may initiate the execution of logon 
stored procedure 90. 

Mass storage device 80 is provided to store a variety of 
computer files and programs such as various stored 
procedures, an encryption routine, and various registered 
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procedures. Once again, stored procedures may be defined 
as programs that allow a directly compatible data source, 
such as a SYBASE compatible database or application, to 
perform functions as desired. A registered procedure will 
generally be called by a stored procedure and is used to pass 
parameters and values to a database or application that is not 
directly compatible with database management system 88. 
Registered procedures may be written in C code, and along 
with the stored procedures, allow for portability and ease of 
upgradeability when designing new systems. 

Activity log table 82 is used by database server 22 to log 
various events such as the dale and time of a user logon, the 
date and time of a user log off, and all of the individual 
requests made by a user during a session, including both 
authorized and unauthorized requests. User table 84 serves 
as part of the security system of system 10 and includes all 
of the user information such as account numbers, passwords, 
which are normally encrypted by the encryption routine 
shown within mass storage device 80, sessions ids generated 
during a user's session, and user permissions or rights. The 
fact that user table 84 is provided in one location further 
enhances overall security because of the limited distribution 
of user data and the fact that critical information such as 
passwords and session id numbers may be encrypted when , 
stored in user table 84. Also, the fact that user table 84 is 
provided in only one location eases the administrative 
burden when a user changes a password or when a xiser must 
be added or deleted from the system. 

It should also be noted that although connection 40 
illustrates only one connection to database server 22, it 
should be understood that database server 22 is a multi- 
tasking machine that may provide multiple sessions with 
multiple users and clients. The fact that database server 22 
is separate from the Internet and is provided in such a 
manner that it is not generally accessible as an Internet 
server or corporate intranet server further enhances the 
security of system 10. Database server 22 may also provide 
multi-session and multi -threading such that multiple threads 
may run at the same time. In this manner, operating system 
86 may determine which thread gets the highest priority for 
processing. 

As illustrated in FIG. 1, database server. 22 provides 
access to the various data sources. These data sources may 
be either directly compatible with database management 
system 88 of database server 22 or provided on a different 
platform or environment that is not directly compatible with 
database management system 88. In such a case, these data 
sources may be referred as disparate data sources. The 
disparate data sources may be accessed using a registered 
procedure that is called by a stored procedure by database 
management system 88. Data source 32, data source 34, data 
source 36, data source 38 will generally all include an 
interface to exchange information and so that an appropriate 
data function may be carried out. Additionally, it should be 
understood that the various data sources may not only be 
implemented as databases but may also include application 
programs, and any other system capable of receiving an 
input and generating an output. The output of the data source 
is then is provided to database server 22. 

In operation, the chent logs onto database server 22 by 
selecting an appropriate web page from web server 28. The 
user then enters an account number and password which is 
encrypted and is sent to database server 22 through web 
server 28. As a result, logon script 70 is loaded by web server 
program 68. Next, database server 22 generates a corre- 
sponding session id which is provided back to web browser 
54 of client 24 along with the account number. The account 
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number and session id are stored in volatile memory at client 
24 and will not be written to local storage 50. This further 
enhances security by not allowing a later user of client 24 to 
examine files that may revea l confidcnlkl ^ccount inf o ^ 
tion. Onc^all ^^3ffiBISBIHI ^^Rfe|!feqcfeii 
provided to client 24 so that the user may select a desired 
function. After selecting a desired function, the request and 
information are provided to web server 28 where a corre- 
sponding script is loaded by web server program 68. In 
response, database server 22 is contacted and a correspond- 
ing stored procedure is executed. In some situations, a 
registered procedure may als o be ^ xccjitjEd_by_database 
management system 88. NcklJiSSi'— i^~atcessed^aiid 
exchanged with an appropriate data source using the stored 
procedure and sometimes a registered procedure. The infor- 
mation received from the data source is then provided back 
to database server-22 where it is provided back to the calling 
script where the information is then formatted and a web 
page is provided back to web browser 54 of client 24. The 
user may then view the data and execute any additional 
functions a^esired. Also, each time a request is made, 
database se^e^^S^^^^^^^^^fSSffcQ^^^^l 24 and 
verifiesJl uU the_ses ^ro^ 

^i^ffl[P"aeiaiieS*ffibre*fully^below. All of this activity is 
logged in activity log table 82 as various requests are made 
by a user of client 24. 

FIG. 3 is a block diagram illustrating an exemplary 
implementation 100 of the present invention showing a set 
of routines used ^^a g»nMlfriM f l Mt i r i<W i ^M&Ji ^ pgea 
^gm^y*j^as«t^ fag^QB «as<aMbro^a'gW^^ that 
allows a user to access portfolio information, to retrieve 
stock quotes, and to execute stock transactions. Implemen- 
tation 100 may be accessed using a client coupled to either 
IVR system 16 or web browser program 68. IVR system 16 
couples directly to database management system 88 and 
serves as part of the presentation tier and may be used to 
directly call any of the stored procedures listed directly to 
the right side of database management system 88. 

Web server program 68 also serves as part of the presen- 
tation tier or layer that is provided between a web enabled 
client and database management system 88. Web server 
program 68 may access any of a variety of scripts and may 
also provide static HTML pages back to a requesting client 
coupled to web server program 68. For example, web server 
program 68 may access static HTML pages 108, a logon 
script no, a log out script 112, a portfolio script 114, a check 
quote script 116, and an execute transaction script 118. Web 
server program 68 executes the appropriate script or pro- 
vides the appropriate HTML page as requested by a user at 
a web browse^n abled client . ^ ^, 

For exam pl^y^B I5Eislep"^&^^ s erver 
proaram^Pfelateai'^ont^g^llO which prori^J^^^r 
to e n t dfl BjSaa w^^ Once this 

^^ipPllO accesses dafabase* management^syst em"88'' an o^ ^ 
provides-theSjIoSespoHiaiSg^^ 

liS^n'script 110 iMniisf^ct3tStj:a§6^n^^ 88 

li^^n probeSg?^ Logon stored procedure 120, under the 
control of database management system 88, accesses a user 
table 132 and verifies the provided account number and 
password. Also, log on stored procedure 120 accesses an 
activity log table 134 and generates a record reflecting the 
logon event. If the account number and password are 
verified, control returns to logon script 110. Logon script 110 
may then generate a main menu of the brokerage apphcation 
and provide it to the client as a web page. 
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'lojn^gimalion, to 
^jUKiB^pSmKEg on 
iii^6S initiates the 



check a quote, or toj^^^^gSffk^^ 
what the user selects^JebserverpH^ 
appropriate script. For example, portfolio script 114 is 
executed when the user desires to receive portfolio infor- 
mation and the check quote script 116 is initiated by web 
server program 68 when the user desires to check a quote. 
Each of the scripts will generally be assigned a unique URL 
so that the client may request the appropriate script by 
selecting a hypertext hnk or button at the main menu. 
Finally, if the user desires to execute a transaction, the 
execute transaction script 118 will be activated. When the 
user desires to log out, log out script 112 will be initiated by 
web server program 68. 

Each of the scripts will generally be associated with a 
corresponding stored procedure of the database server. 
Similarly, each stored procedure or registered procedure of 
the database server will be associated with a corresponding 
data source. For example, portfolio script 114 corresponds to 
a portfolio stored procedure 124 which is then associated 
with a data source 32. Also, a check quote saipt 116 is 
associated with a check quote stored procedure 126 which is 
also associated with a check quote registered procedure 136 
and a corresponding data source 34. Finally, execute trans- 
action script 118 is associated with an execute transaction 
stored procedure 128 which corresponds to data source 36 
through an execute transaction registered procedure 138. It 
should be noted that registered procedures are provided 
when the corresponding data source is not directly compat- 
ible with database management system 88. However, as far 
as the scripts and systems of the presentation tier are 
concerned, each of these always interface with a stored 
procedure in the same manner without the need to know any 
of the peculiarities of an associated registered procedure and 
disparate data source, 



rt©n^88B\^llfciSitiate'*tfife*cid^ 
cedure. For example, when a user desires to check a par- 
ticular stock quote, database management system 88 will 
initiate check quote stored procedure 126. Before actually 
attempting to access the associated data source, check quotes 
stored procedure 126 will execute a check access stored 
procedure 130. The check access stored procedure is a 
security function that is illustrated more fully below in 
connection with the description of FIG. 6. Generally though, 
check access stored procedure 130 will receive the session 
id and account number that was provided when the user 
requested the current function. This information will be 
compared to the session id and account number that are 
stored within user table 132 for verification. This event will 
then generate a record within activity log table 134 to 
provide a record of the event. Assuming that access is 
allowed, control returns to check quotes stored procedure 
126 where check quote registered procedure 136 is then 
executed. 

Check quote registered procedure 136 serves as an appli- 
cation program interface between the information requested 
and provided by the user and data source 34. Data source 34 
will generally include an interface and will perform the 
requested function and provide any output data back to 
check quote registered procedure 136, This information is 
then provided to check quote stored procedure 126 and back 
to either IVR system 16, if the client is coupled to IVR 
system 16, or to check quote script 116 of web server 
program 68 if a user is coupled to the system via a web- 
enabled client. In response, a corresponding output will be 
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provided to the user and will provide the latest quote of the 
requested stock. 

The operation of portfolio stored procedure 124 proceeds 
as just described with respect to check quote stored proce- 
dure 126 except that portfolio stored procedure 124 accesses 
the corresponding data source 132 directly. In this case, data 
source 32 is directly compatible with database management 
system 88 and hence access may be directly obtained using 
only stored procedures. 

Finally, execute transaction stored procedure 128 and 
execute transaction registered procedure 138 proceeds iden- 
tically with thai described in connection with check quote 
stored procedure 126. The corresponding data source 36 
provides the transaction information and capability desired. 

Overall, implementation 100 may be divided into three 
separate layers or tiers. The first tier may be referred to as a 
presentation tier 102 and includes the web server and IVR 
system. The next tier may be referred to as an application tier 
104 and includes the database server and associated database 
management system, procedures, routines, and tables. 
Finally, the last tier includes a data tier 106 and includes all 
of the data sources used in the current system. These data 
sources will include disparate data sources. 

FIG. 4 is an overview flow chart illustrating an exemplary 
method 150 for securely accessing information from dispar- 
ate data sources through a network according to the teach- 
ings of the present invention. The method begins at step 152 
and proceeds to step 154 where a logon process is per- 
formed. The logon process, along with a check access 
process, and a log out process provide additional security 
features of the present invention. A more detailed discussion 
of the logon process is provided later and is illustrated more 
fully in FIG. 5, Generally, the logon process involves 
verifying a user's account number and password and gen- 
erating a unique session id in response. The unique session 
id is encrypted so that personnel at database server 22 will 
not have access to a user's session id. Also, the logon 
process involves generating a record in an activity log table 
at the database server to record the logon process. 

Method 150 proceeds next to step 156 where a user at a 
client requests to perform a first function. The first function 
requires access to a first type of disparate data source. The 
method proceeds next to step 158 where the check access 
process is performed to provide session management and to 
provide additional security features. The check access pro- 
cess is described more fully below in connection with FIG. 
6. Generally, the check access process involves receiving the 
session id and account number, that was previoxisly stored at 
the client in step 154, along with the function requested by 
the user. This information is ultimately provided as an input 
to database server 22 where the session id and account 
number are verified against a user table to ensure that they 
are valid. Next, the user table is checked to determine if the 
user has permission to perform the requested first function 
and whether the user has taken too much time between this 
request and a prior request. Also, a record is entered in an 
activity log reflecting the user's request. Finally, if every- 
thing checks out the first function is performed. 

Method 150 then proceeds to step 160 where information 
is exchanged between database server 22 and the first type 
of disparate data source related to performing the first 
function requested. In this case, because access is needed to 
a disparate data source, the database management system, 
such as database management system 88 of database server 
22, will use a stored procedure to call a registered procedure 
to access the first type of disparate data source. Once again, 
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the registered procedure may be an application program 
interface developed using C code allowing for an exchange 
of data between the first type of disparate data source and the 
database management system of database server 22. After 
the information is retrieved, the information is ultimately 
provided back to the client. In the case of a web browser- 
enabled client, the information will be provided by a web 
server in the form of a web page. 

Next, the method proceeds to step 162 where the user 
requests to perform a second function requiring access to a 
second type of data source. The second type of data source 
may be a data source that is compatible with the database 
manager resident within database server 22. In such a case, 
the database management system will use a stored procedure 
to access the second type of data source. 

The method proceeds next to step 164 where the check 
access process is performed once again. This is performed in 
the same manner as was discussed previously with respect to 
step 158. Assuming the check access process does not find 
any problems, the method proceeds next to step 166 where 
the stored procedure of database server 22 is performed to 
exchange information with the second type of data source to 
perform the second function as requested by the user. 

Finally, the method proceeds to step 168 where a log out 
process is performed to provide yet another security func- 
tion. The log out process is described more fully below in 
connection with the description accompanying FIG. 7. 
Generally, the log out process involves the user selecting a 
log out button and providing the session id, account number, 
and log out function request to database server 22. The 
session id is again validated and records arc generated in the 
activity log table of database server 22. Next, the session id 
is erased from the user table and a command is sent to the 
client to delete the session id and account number previously 
stored at the client during the logon process for this session. 
For example, if client 24 of FIG. 1 is used, the session id and 
account number were originally stored in the memory or 
Cookie of the web browser-enabled client 24. If telephone 
12 of FIG. 1 is used as a client, the session id and account 
number are stored at IVR system 16 and thus are deleted 
during the log out process from IVR system 16. Finally, the 
user will receive a home page or home menu allowing the 
user to logon again if desired. Method 150 ends at step 170. 

FIG. 5 is a flow chart illustrating an exemplary method 
172 for performing a logon process that may be used in 
method 150 for securely accessing information from dispar- 
ate data sources. Method 172 begins at step 174 and pro- 
ceeds to step 176 where a user enters an account number and 
a password at a client and selects a logon button. In 
response, method 172 proceeds to step 178 where the 
account number and password are received from the chenl 
at either a network server, such as web server 28 of FIG. 1, 
or at another system such IVR system 16 of FIG. 1. 

Method 172 then proceeds to step 180 where a logon 
stored procedure is executed at database server 22 while the 
account number and password are also provided to database 
server 22. Proceeding next to decision step 200, the account 
number and password are verified against a user table 
provided at database server 22 to determine if they are valid. 
If not, the method proceeds to step 202 where a failed logon 
variable associated with the account number is incremented 
by one. The method then proceeds to decision step 204 
where if the failed logon variable is equal to three, the 
method proceeds to steps 208 and 210 where the user's 
account number is disabled in the user table and an error 
message is generated and presented to the client. The 
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method then ends at step 220. Otherwise, the method 
proceeds to step 206 where an error message is provided to 
the client that an invalid account number or password had 
been received and that the logon was not successful. As 

5 such, the method proceeds back to step 178 and proceeds 
again to decision step 200. 

If the account number and password are found to be valid 
in decision step 200, the method proceeds to step 212 where 
a unique session id is generated and stored in the user table. 

10 In a preferred embodiment, the unique session id also 
contains information corresponding the current time and 
date and is then stored in the user table where it may be 
associated with the account number. The imique session id 
is scrambled or encrypted so that system administrators and 

15 other personnel having access to database server 22 may 
never access the session id. 

Method 172 proceeds next to step 214 where a record is 
generated in an activity log table provided through database 
server 22. Next, the session id, which may be encrypted, and 
an account number are provided back to the client for 
storage in step 216. For example, if the client is a computer 
enabled with a web browser, such as client 24 in FIG. 1, the 
session id and account number are stored in volatile memory 
such as random-access memory (RAM) of the client by the 
web browser. On the other hand, if the client is similar to 
telephone 12 of FIG. 1 and does not provide the capability 
to store information, the session id and account number may 
be stored at a termination device such as IVR system 16 of 
FIG. 1. Finally, a main menu is presented at the client for the 
user and the method ends at step 220. 

FIG. 6 is a flow chart illustrating an exemplary method 
230 for performing the check assess process that may be 
used in method 150 for securely accessing information from 
disparate data sources and for performing session manage- 
ment. Method 230 begins at step 232 and proceeds to step 
234 where the user selects a desired function to execute. As 
a result, the session id, account number, and the function 
request are provided to database server 22 from the client. 
As was mentioned previously with respect to telephone 12 
of FIG. 1, when the client is incapable of storing 
information, an associated system, such as IVR system 16, 
may be used to send and receive this information. 

Method 230 proceeds next to step 236 where the input 

45 information is received at database server 22. Database 
server 22 compares the received session id with the session 
id stored in the user table associated with the user's account 
number. Proceeding next to the decision step 238, if the 
session id is verified, the method proceeds to step 242; 

5Q otherwise, the method proceeds to step 240 where a record 
is generated in the activity log table and an error message is 
generated that requires the user to logon again. The method 
then ends at step 264. 

Assuming that the session id was found to be valid, 

55 decision step 238 proceeds to step 242 where the function 
requested by the user in the input is compared with the user 
permissions or rights, that, preferably, will be stored in the 
user table, to determine if the user has sufficient privileges 
or rights to execute the requested function. Also, step 242 

60 involves comparing the current time to the last time that the 
user made a request during the current session. If this time 
is greater than a predefined period, such as fifteen minutes, 
an error message is provided to the client and the client is 
required to reenter the correct password. This is illustrated 

65 more fully in the following steps. 

Method 230 proceeds next to decision step 244 where it 
is determined whether too much time has expired between 
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requests. If so, the method proceeds to step 246 where a 
record is generated in the activity log table at database server 
22 and an error message is generated and provided back to 
the client requesting the user to reenter the correct password. 
The method then ends at step 264. If too much time has not 
expired between requests, the session continues and decision 
step 244 proceeds to decision step 248 where it is deter- 
mined whether the user has the appropriate permission to 
perform the function requested. If not, the method proceeds 
to step 250 where a record is generated in the activity log 
table indicating that the user attempted to execute a function 
to which the user did not have appropriate permission. Also, 
an error message is generated and provided back to the 
client. Method 230 then ends at step 264. 



page, greeting page, or menu may be provided as illustrated 
by home page 312. Home page 312 allows the user to select 
one of three buttons: (1) to view general information on the 
brokerage application; (2) to view markets at a glance to see 
5 a summary of overall market information; and (3) to logon 
the system by accessing a logon menu. 

A general information display 314 is provided if the 
general information button is selected. General information 
display 314 provides general information on the brokerage 
^0 application and discusses such things as how to apply for an 
account number and the overall and general features pro- 
vided by the brokerage application or system. If the markets 
at a glance button is selected, markets at a glance display 316 
is provided. This display provides information on the major 



If the user does have the appropriate permission to 15 exchanges and stock markets of the world and whether they 



perform the function requested, decision step 248 proceeds 
to step 260 where control is provided to the calling stored 
procedure as illustrated previously in FIG. 3. Next, the 
method proceeds to step 262 where the activity log table is 
updated by generating a new record that includes the infor- 
mation corresponding to the function requested, the account 
number, the date, and the time. Method 230 ends at step 264. 

FIG. 7 is a flow chart illustrating an exemplary method 
280 for performing a log out process that may be used in 
method 150 for securely accessing information from dispar- 
ate data sources. Method 280 begins at step 282 and pro- 
ceeds to step 284 where the user selects a log out button. The 
method then proceeds to step 286 where the session id, 
account number, and log out ftinction request is received as 
an input from the client. 

Method 280 proceeds next to step 288 where a log out 
stored procedure is executed at database server 22. The log 
out stored procedure compares the received session id input 
with the session id previously stored in the user table. If the 
session id is found to be valid, a decision step 290 proceeds 
to step 296. Otherwise, the method proceeds to step 292 
where the activity log is updated with a new record reflecting 
the unsuccessful log out attempt. An error message is then 
generated in step 294 and presented to the client. The 
method will then end at step 304. 

Assuming that the session id was found to be valid, the 
method proceeds to step 296 where the session id is erased 
or removed from the user table. This indicates that the 
session has ended and that any further transactions or 
requests cannot proceed until the user has logged on again. 
Proceeding next to step 298, the activity log table is updated 
with a record reflecting the time and date of the log out. 
Next, the method proceeds to step 300 where a command or 
input is sent to the client to delete the session id and account 
number previously stored at the client during logon. For 
example, assuming that the client is a web browser-enabled 
computer such as client 24 of FIG. 1, a command is sent to 
the volatile memory controlled by the web browser, such as 
a Cookie, to erase the encrypted session id and account 
number that were previously stored. This prevents any 
record of the session id and account number from later being 
written to a file, such as the Cookie file of a web browser. 
Hence, no record of the session id or account number exists 
at the client. 

Method 280 proceeds next to step 302 where a home page 
or greeting page or menu is provided to the client where the 
user has the option of logging on the system if desired. ITie 
method ends at step 304. 



are up or down for the current day or previous day. 

Assuming that the user selects the logon menu button at 
home page 312, the system displays a logon menu 318 as 
illustrated in map 310. Lxjgon menu 318 prompts the user to 
enter an account number, and a password. After entering the 
account number and password, the user may select a submit 
logon button so that this information is provided to the 
system. 

Assuming that the submit logon button was selected, a 
brokerage application main menu 320 is provided to the user 
at the client. This may be provided in the form of a voice 
menu for an IVR system or as a web page when the client 
is a web browser-enabled computer. Brokerage application 
main menu 320 includes various buttons to allow a user to 
select desired functions. For example, brokerage application 
main menu 320 may provide a portfoho information button, 
a check a quote button, an execute transaction button, and a 
log out button. If the log out button is selected, the client will 
be taken back to home page 312. 

Assuming that the portfolio information button is 
selected, the user's portfolio is gathered from an appropriate 
data source, such as a disparate data source, and an appro- 
priate output display is generated. For example, a portfolio 
information output display 322 may be generated that sum- 
marizes the user*s current portfolio. After viewing portfolio 
information output display 322, the user may select a main 
menu button to return to brokerage application main menu 
320. 

Assuming that the check a quote button is selected, a 
quote input display 324 is provided to the client. Quote input 
display 324 prompts the user to enter a desired ticker symbol 
and exchange. Quote input display 324 then allows the xiser 
to select a get quote button or a main menu button. Assuming 
50 that the get quote button is selected, a quote output display 
326 is generated and provided to the client. Quote output 
display 326, in one embodiment, may display the current or 
last stock price and the volume of the stock traded during the 
current day or during the last day that the market or 
exchange was open. The user may then proceed back to 
brokerage application main menu 320 by selecting the main 
menu button on quote output display 326. 

Next, assuming that a user selected the execute transac- 
tion button from brokerage application main menu 320, the 
60 brokerage application generates a transaction input display 
328. Transaction input display 328 may include, in one 
embodiment, an entry field for the ticker symbol, the 
exchange where the stock or security is traded, the number 
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of shares desired in the current transaction, and a price at 
FIG. 8 is an overview exemplary map 310 of various 65 which the user will buy or sell the desired stock. Transaction 
input/informational displays and output displays that may be input display 328 may then include a submit buy button and 
used in the brokerage application of FIG. 3. As such, a home a submit sell button so that the user may either buy or sell 
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the desired stock according to the entered terms. 
AJteraatively, the user may exit Iraosaction input display 328 
by selecting the main menu button and proceeding back to 
brokerage application main menu 320. 

Assuming that the user selected the submit buy button, a 
transaction buy summary output display 330 will be gener- 
ated summarizing the buy transaction. Alternatively, if the 
submit sell button of transaction input display 328 is 
selected, the brokerage application, in one embodiment, may 
generate a transaction summary sell output display 332. This 
display provides a summary of the sell transaction and 
provides a button to return to brokerage application main 
menu 320. 

Referring back to brokerage application main menu 320, 
the log out button may be selected which will perform the 
log out process and generate a display such as home page 
312 where a user may logon to the system again if desired. 

Thus, it is apparent that there has been provided, in 
accordance with the present invention, a system and method 
for securely accessing information from disparate data 
sources through a network that satisfy the advantages set 
forth above. Although the preferred embodiment has been 
described in detail, it should be understood that various 
changes, substitutions, and alterations can be made herein 
without departing from the scope of the present invention. 
For example, although the present invention has been 
described and illustrated primarily in relation to developing 
Internet or Web applications, it should be understood that the 
present invention is in no way limited to only the Internet 
and may be implemented on other computer networks as 
well. Also, the security modules and routines described and 
illustrated in the preferred embodiment as discrete or sepa- 
rate modules and routines may be implemented using a 
single routine or a plurality of individual modules or rou- 
tines without departing from the scope of the present inven- 
tion. Furthermore, it should be noted that the present inven- 
tion may be implemented using virtually any computer 
system and many of the software routines may be developed 
using virtually any available programming language. Other 
examples of changes, substitutions, and alterations are 
readily ascertainable by one skilled in the art and could be 
made without departing from the spirit and scope of the 
present invention as defined by the following claims. 

What is claimed is: 

1. A method for securely accessing information from 
disparate data sources through a network comprising the 
steps of: 

requesting a logon menu from a network server of the 
network using a client; 

receiving a logon menu at the client; 

communicating a logon input to the network server in 
response to receiving the logon menu; 

receiving the logon input at the network server and 
communicating the logon input to a database server; 

verifying that the logon input is a valid logon input at the 
database server; 

generating and storing a unique session identification 
number at the database server in response to success- 
fully verifying that the logon input is a valid logon 
input; 

communicating the session identification number and a 

portion of the logon input to the client; 
storing the session identification number and the portion 

of the logon input at the client; 
communicating a menu to the client prompting the user to 

perform at least a first function requiring access to a 
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first type of disparate data source and a second function 
requiring access to a second type of data source; 
requesting the first function; 

communicating the session identification number, the 
^ portion of the logon input, and the first function request 

to the network server; 
receiving the session identification number, the portion of 

the logon input, and the first function request at the 

network server and communicating to the database 

server; 

verifying at the database server that the session identifi- 
cation number and the portion of the logon input are 
valid; 

15 exchanging information between the database server and 
the first type of disparate data source while performing 
the first function; and 
generating a first output in response to performing the first 
function and communicating this to the client. 
20 2. The method of claim 1, further comprising the steps of: 
requesting the second function; 

communicating the session identification number, the 
portion of the logon input, and the second function 

25 request to the network server; 

receiving the session identification number, the portion of 
the logon input, and the second function request at the 
network server and communicating this information to 
the database server; 

30 verifying at the database server that the session identifi- 
cation number and the portion of the logon input are 
valid; 

exchanging information between the database server and 
the second type of data source while performing the 
35 second function; and 

generating a second output in response to performing the 
second function and communicating this to the client. 

3. The method of claim 2, wherein the logon input 
includes a password and an account number, and the portion 

^ of the logon input includes the account number. 

4. The method of claim 1, further comprising the steps of: 
communicating a log off request, the session identification 

number, and the portion of the logon input to the 
network server from the client; 

45 

communicating the log off request, the session identifi- 
cation number, and the portion of the logon input from 
the network server to the database server; 

verifying at the database server that the session identifi- 
50 cation number and the portion of the logon input are 
valid; 

deleting the session identification number at the database 
server; 

sending a command to the client to delete the stored 
55 session identification number and the portion of the 
logon input at the chent. 

5. The method of claim 4, wherein the client is a computer 
enabled with a web browser and the storing the session 
identification number and the portion of the logon input at 

60 the client step includes using the web browser to store the 
session identification number and the portion of the logon 
input in a portion of volatile memory, and wherein the 
sending a command to the client to delete the stored session 
identification number and the portion of the logon input step 

65 includes deleting the contents of the portion of volatile 
memory before the web browser writes the session identi- 
fication number and the logon input to non-volatile memory. 
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6. The method of claim 1, whereio the client is a computer 
enabled with a web browser and the storing the session 
identification number and the portion of the logon input at 
the client step includes using the web browser to store the 
session identification number and the portion of the logon 5 
input in volatile memory, 

7. The method of claim 1, wherein the database server is 
in continuous, direct communication with the network 
server and is not directly accessible through the network. 

8. The method of claim 1, wherein the exchanging infor- lo 
mation between the database server and the first type of 
disparate data source while performing the first function step 
includes using a database management system, a stored 
procedure, and a registered procedure at the database server 

to access the first type of disparate data source which is not is 
directly compatible with the database management system. 

9. The method of claim 1, wherein the exchanging infor- 
mation between the database server and the second type of 
data source while performing the first function step includes 
using a database management system at the database server 20 
to access the second type of data source that is directly 
compatible with the database management system. 

10. The method of claim 1, wherein a record in an activity 
logging table at the database server is generated after the 
requesting the first function step. 25 

11. 'ITie method of claim 1, wherein the communication 
between the client and the network server is provided using 
a secure socket layer standard. 

12. The method of claim 1, wherein the verifying that the 
logon input is a valid logon input at the database server step 30 
includes encrypting a password provided as part of the logon 
input and comparing the encrypted password with an 
encrypted password previously stored in a user table at the 
database server. 

13. The method of claim 12, wherein an error message is 35 
generated and provided to the client if the verifying that the 
logon input is a valid logon input at the database server step 
cannot verify the logon input. 

14. The method of claim 1, wherein the verifying at the 
database server that the session identification number and 40 
the portion of the logon input are valid step further includes 
verifying that a user identified by the portion of the logon 
input, has the rights to perform the first function request. 

15. The method of claim 1, wherein the generating and 
storing a unique session identification number at the data- 45 
base server step includes encrypting the session id before 
storing as the database server. 

16. The method of claim 1, wherein the network is the 
Internet. 

17. A system for securely accessing information from 50 
disparate data sources through a network, the system com- 
prising: 

a client having a volatile memory and enabled with a web 
browser, the client operable to exchange information 
and to communicate a request, and a session identifi- 55 
cation number and an account number that are stored in 
the volatile memory; 

a network server operable to exchange information with 
the client and operable to receive the request, the 
session identification number, and the account number 
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from the client, the network server enabled with a web 
server program that is operable to execute a script and 
to generate and provide information to the client in 
response to the request from the client; 
a database server in communication with the network 
server and operable to receive the session identification 
number and the account number from the network 
server, the database server enabled with a database 
management system that is operable to execute a first 
function stored procedure in response to the execution 
of the script at the network server, the database server 
further including a user table, a check access stored 
procedure, the first function stored procedure, and a 
•first function registered procedure, the first function 
stored procedure operable to execute the check access 
stored procedure to verify the session identification 
number and the account number with information in the 
user table and to execute the first function registered 
procedure to request information from a disparate data 
source; and 

a first disparate data source operable to exchange infor- 
mation with the database server in response to a request 
from the first function registered procedure. 

18. The system of claim 17, wherein the database server 
further includes a logon stored procedure and a log off stored 
procedure. 

19. The system of claim 17, further comprising: 

a second client implemented as an interactive voice 
response system and operable to receive a user request 
and to store a session identification number and an 
account number, the second client further operable to 
communicate the user request, the session identification 
number, and the account number to the database server, 
the database server further operable to execute the first 
function stored procedure in response to the user 
request received from the second client. 

20. A database server for use in a system for securely 
accessing information from disparate data sources through a 
network, the database server comprising: 

a storage medium for 'storing a database management 
system, a check access stored procedure, a first function 
stored procedure, a first function registered procedure, 
and a user table; and 

a processor responsive to the database management sys- 
tem to: 

receive a session identification number and an account 
number; 

receive a request to execute the first function stored 
procedure; 

execute the first function stored procedure in response 
to the request; 

execute the check access stored procedure to verify the 
session identification number and the account num- 
ber in the user table in response to executing the first 
function stored procedure; and 

execute the first function registered procedure to 
request information from a disparate data source. 

* * * « # 
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